SSO (Single Sign-On) Configuration and Use

SSO (Single Sign-On) Configuration and Use

SSO (“Single Sign-On”) is an overview of how to configure and use an SSO in Certain.

Certain can create SSO connections for you. You need to ask the Customer Success Manager for details.

An Administrator can enable an SSO for an account or sub-account. An Event Builder can then use the SSO in an event.

These SSOs can include Social Logins (LinkedIn, Facebook, Microsoft, or Google+) and Corporate SSOs.

There are three types of SSO.

• ADMIN.
• For Certain users logging in to the Certain app.
• ATTENDEE LOGIN.
• For attendees using forms to register or logging back in to a form.
• For attendees logging in to a Certain Mobile web app.
• For speakers logging in to a Speaker Portal.
• For reviewers logging in to a Reviewer Portal.
• CHECK-IN APP.
• For Certain users logging in to the Certain Check-In app.
• The app is used to check attendees in an event.

"Admin" SSOs

"Admin" SSOs are for Certain users to log in without using their Certain username and password.

If Certain has configured an "ADMIN" SSO for your system (on Account Settings > Management > Single Sign-On), then users of the Certain platform who have signed in to your corporate system do not have to enter another user name and password to access Certain. Users still need to have a matching User record in Certain.

> Note: Only one ADMIN SSO can be activated for a system at any one time.

"Attendee Login" SSOs

"Attendee Login" SSOs are for attendees logging in to registration forms or the Mobile web app. They also support speakers logging in to a Speaker Portal. They also support reviewers logging in to a Reviewer Portal.

The first six steps to set up and use "Attendee Login" SSOs are the same for Forms, Mobile, Speaker Portal, and Reviewer Portal. The remaining steps are explained under each of those headings below.

For all four uses, these six steps must be completed first.

1. System.

• Certain creates and sets up one or more "ATTENDEE LOGIN" SSOs for your system.

2. Account.

• Certain enables SSO(s) for each account and sub-account in which those SSOs will be used.
• For an SSO to be available in a sub-account, the parent account must enable the SSO first.
• You can enable the SSO(s) by going to Account Settings > Management > Single Sign-On and selecting the Enabled check box for the SSO(s) to be available.
• You can edit the SSO configuration in the next two steps.

3. Account.

• Certain configures SSO field mappings.
• An Administrator maps IDP fields to Certain Fields.
• In a sub-account, you need to map these fields independently of the parent account because the mappings are not “inherited” from the parent account.
• You can configure the mappings by going to Account Settings > Management > Single Sign-On.
• Click for an enabled SSO and select the Certain Fields to map to the IDP Fields.
• You must map the Profile First Name and Profile Last Name in Certain to the equivalent IDP fields.
• You must not map Profile First Name and Profile Last Name to the same IDP field.
• See the note in that help topic.

4. Account.

• Certain can customize the SSO button appearance for each SSO connection to be used on Forms, Mobile, Speaker Portal, and Reviewer Portal.
• You can customize the button by going to Account Settings > Management > Single Sign-On.
• Click for an enabled SSO and edit the Button... settings (color, text, icon, and class).

> Note: These button settings for an SSO Connection are used on all forms set to use that connection.

The same button settings are also used for Mobile, the Speaker Portal, and the Reviewer Portal, if those are set to use the same connection.

You do not edit these settings further at those lower levels.

5. Event.

• An Administrator enables the Single Sign-On module for the event.
• In the event, go to Plan > Configure > Options.
• Select the Single Sign-On Module under Functional Areas to be enabled for this event.

6. Event.

• An Administrator configures the SSO for an event.
• In the event, go to Plan > Configure > Single Sign-On.
• Select the Enabled check box for the SSO(s) to be available for use in the event.
• This availability makes the SSO(s) available to the event’s forms, its Mobile web app, its Speaker Portal, and its Reviewer Portal.

> Note: You do not “edit” an SSO.

You select the SSO check box in the list of SSOs.

In Forms

"Forms" are used for attendees registering on registration forms. "Forms" are also used for attendees logging back in to a form after having registered.

These are the remaining steps after 1–6 above. Step 4 is especially relevant for customizing the SSO button.

1. Form.

• An Event Builder selects the SSO(s) to be available on a form.
• In the event, go to Plan > Forms > Entry to edit the Entry section for the form.
• Select the SSO(s) to be used.
• The list of available SSOs is the set enabled in step 6 above.

2. Attendees.

• When an attendee registers on that form, the attendee can click a button on the entry page (for example, LinkedIn or Facebook) to pre-populate their details.

3. Attendees.

• After an attendee has registered using an SSO, the attendee can log back in using the same SSO or their Username and Password.
• The attendee cannot log back in using a different SSO.
• Example.
• If the form offered the choice of LinkedIn and Facebook, and the attendee used LinkedIn to register, the attendee cannot use Facebook to log back in.

> Note: An attendee who registered without using an SSO connection cannot log back in to their registration using an SSO connection.

The attendee can only log in using their Username and Password.

For a Certain Mobile HTML5 Web App

"Certain Mobile HTML5 Web App" is used for attendees logging in to a Certain Mobile web app.

These are the remaining steps after 1–6 above. Step 4 is especially relevant for customizing the SSO button.

1. Mobile.

• An Event Builder selects the SSO(s) to be available on the Login page of the Mobile web app.
• In the event, go to Engage > Mobile > Content > Login to edit the Login page.
• Select the SSO(s) to be used.
• The list of available SSOs is the set enabled in step 6 above.

2. Attendees.

• When an attendee is logging in to the Certain Mobile web app, the attendee can click the same button on the page to log in to Mobile using those credentials if the attendee registered using an SSO.
• The source references “In Forms” as the place where the attendee registered.
• Or the attendee can log in with their Username and Password.

> Note: An attendee who registered without using an SSO connection cannot log in to the Mobile web app using an SSO connection.

The attendee can only log in using their Username and Password.

For a Speaker Portal

A Speaker Portal is available only if these options are enabled for the event (in Plan > Configure > Options):

• Speaker and Session Management module
• Conference Sessions option

These are the remaining steps after 1–6 above. Step 4 is especially relevant for customizing the SSO button.

1. Speaker Portal.

• An Event Builder selects the SSO(s) to be available on the Login page of the Speaker Portal.
• In the event, go to Manage > Speakers and Sessions > Speaker Portal > Login to edit the Login page.
• Select the SSO(s) to be used.
• The list of available SSOs is the set enabled in step 6 above.

2. Speakers.

• When a speaker first registers in the Speaker Portal, the speaker can click a button on the Login page (for example, LinkedIn) to pre-populate their details using those credentials.

3. Speakers.

• After a speaker has registered using an SSO, the speaker can log in to the Speaker Portal using the same SSO or their Username and Password.
• The speaker cannot log in using a different SSO.
• Example.
• If the Speaker Portal offered the choice of LinkedIn and Facebook, and the speaker used LinkedIn to register, the speaker could not use Facebook to log in.

> Note: A speaker who registered without using an SSO connection cannot log in using an SSO connection.

The speaker can only log in using their Username and Password.

For a Reviewer Portal

A Reviewer Portal is available only if these options are enabled for the event (in Plan > Configure > Options):

• Speaker and Session Management module
• Conference Sessions option

These are the remaining steps after 1–6 above. Step 4 is especially relevant for customizing the SSO button.

1. Reviewer Portal.

• An Event Builder selects the SSO(s) to be available on the Login page of the Reviewer Portal.
• In the event, go to Manage > Speakers and Sessions > Reviewer Portal > Login to edit the Login page.
• Select the SSO(s) to be used.
• The list of available SSOs is the set enabled in step 6 above.

2. Reviewers.

• When a reviewer goes to the Reviewer Portal they can click a button on the Login page (for example, LinkedIn) to pre-populate their details using those credentials.

3. Reviewers.

• Once a reviewer has registered using an SSO, the reviewer can log in to the Reviewer Portal using the same SSO or their Username and Password.
• The reviewer cannot log in using a different SSO.
• Example.
• If the Reviewer Portal offered the choice of LinkedIn and Facebook, and the reviewer used LinkedIn to register, the reviewer could not use Facebook to log in.

> Note: A reviewer who registered without using an SSO connection cannot log in using an SSO connection.

The reviewer can only log in using their Username and Password.

"Check-In App" SSOs

"Check-In App" SSOs are for Certain users logging in to the Certain Check-In app.

If Certain has configured a "CHECK-IN APP" SSO for your system, Check-In users can log in with their SSO credentials instead of their Certain username and password. Users still need to have a User record in Certain.

The workflow is simple:

1. Certain sets up a "CHECK-IN APP" SSO for your system.

• Certain "System Master" users only.

2. Account or Sub-Account.

• No configuration is required in an account or sub-account.
• If a "CHECK-IN APP" SSO is enabled for a system, it is automatically enabled for all accounts / sub-accounts.

3. Event.

• No configuration is required at the event level:
• Nothing in Event > Configure > Single Sign-On
• Nothing in Event > Engage > Check-In

4. Check-In Users.

• When a Certain user logs in to Certain Check-In on their mobile device, the user can click the gear icon on the page to select the SSO.
• The user can then use those credentials to log in.
• The user can now use the app to check attendees in at an event just as if the user had logged in with their Certain username and password.

> Note: Only one CHECK-IN APP SSO can be activated for a system at any one time.